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Description 

The present invention relates to an apparatus 
and method for the electronic generation of vari- 
able, non-predictable codes and the validation and 
comparison of such codes for the purpose of posi- 
tively identifying an authorised individual or user of 
an apparatus or system. 

There often arises a need to prevent all. but 
selected authorised persons from being able to 
carry out some defined transaction (such as grant- 
ing credit) or to gain access to electronic equip- 
ment or other system, facility or data (hereinafter 
"clearance or access"). Prior methods for prevent- 
ing unauthorised clearance or access typically in- 
volve devices which limit access to the subject 
data, facility, or transaction to those, who know a 
fixed or predictable (hereinafter "fixed") secret 
code. The problem inherent in relying on a fixed 
code as the means to gain such' selective clear- 
ance or access is that would-be unauthorised users 
need only obtain possession of the fixed code to 
gain such clearance or access. Typical instances of 
fixed codes include card numbers, user numbers 
or passwords issued to customers of computer 
data retrieval services. 

A known apparatus and method for providing 
security in financial transactions is disclosed in US 
4320387. Security in transactions between separate 
computers associated with respective individuals is 
ensured by a system for comparing and matching 
non-predictable codes generated by the separate 
computers, comprising: a first computer, operable . 
to produce a first non-predictable code on the 
basis of a first dynamic variable and a static vari- 
able: a first clock means for defining the first dy- 
namic variable, according to a first interval of time 
during which the static variable is input into the first 
computer; a second computer, operable to produce 
a second non-predictable code on the basis of a 
second dynamic variable and the static variable; a 
second clock means for defining the second dy- 
namic variable, according to a second interval of 
time during" which the static variable is input into 
the second computer; and means for comparing 
the first non-predictable codes with the sdcond 
non-predictable codes to determine a match. 

Likewise, security is ensured by a method for 
synchronising the time, definition of dynamic vari- 
ables in a system for comparing non-predictable 
codes generated by separate clock means accord- 
ing to time wherein the codes match when the 
dynamic variables match, comprising the steps of: 
inputting a static variable into a first computer 
including a predetermined algorithm; employing the 
algorithm of the first computer to calculate a first 
non-predictable code on the basis of the static 
variable and a first dynamic varible defined by a 



first interval of time in which the step of inputting 
occurred according to a first clock; putting the 
static variable and the first non-predictable code 
into a second computer independently including 
s" the predetermined algorithm; using the algorithm of 
the second computer tpjndependently calculate a 

_ secpnd non-predictable code on the basis of the 

Static variable and a second dynamic variable! de- 
fined by a second interval of time in which the step 
to of inputting occurred according to a second clock 
means; and comparing a first non-predictable code 
with a second non-predictable code to determine a 
match, ' : - / ' 

WO85/04035 discloses a portable transaction 
is device for use in a transaction system; The device 
includes a computer and means to encrypt trans- 
mission data as a function of clock information; 

With apparatus and a method of this kind it is 
necessary for the clocks of the two computers to 
20 be reasonably synchronised for the non-predictable 
codes to match. WO85/04035 makes no detailed 
disclosure of how this might be achieved. 
US4320387 discloses the use of a synchronisation 
code, transmitted between the parties of a transac- 
25 tion. 

The present invention is intended to overcome 
the disadvantages of the prior art by the provision, 
according to a first aspect, of a system, wherein 
the second interval of time comprises a central cell 
30 of time, having a predetermined duration, and one 
or more cells of time, each having a predetermined 
duration, bordering the central cell, and the second 
clock means defines respective values of the sec- 
ond dynamic variable for each cell of time whereby 
35 the second computer provides respective values of 
the second non-predictable code for each of the 
cells of time for comparison with said first non- 
predictable code. 

According to a second aspect, there is pro- 
40 vided a method, wherein the second interval of 
time comprises a central cell of time and one or 
more bordering cells of time; using the algorithm of 
the second computer to calculate independently a 
plurality of second non-predictable codes on the 
45 basis of the static variable and second dynamic 
variables defined by the cells of time; and deter- 
mining when a match occurs between the first non- 
predictable code and one of the second non-pre- 
dictable codes, 
so An embodiment of the present invention will 

now be described, by way of example only, with 
reference to the accompanying drawings in which: 

Figure t is a block diagram of a basic apparatus 
~ and method according to the invention for gen- 
55 erating and comparing non-predictable codes; 

Figure 1A is a block diagram of a preferred. * 
apparatus and method for generating and com- 
paring non-predictable codes where a means for 
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comparing non-predictable codes is included in 
a calculator which generates a non-predictable 
code; 

Figure 2 is a front isometric view of a credit card 
sized calculator for calculating a first non- 5 
preditable code for use in gaining clearance or 
access according to the invention; 
Figure 3 is a flow chart demonstrating a most 
preferred series of steps carried out by an ap- 
paratus according to the invention and/or in a ic 
method according to the invention; and 
'Figures 4 to 9 are diagrammatic representations 
of series of resultant code cells separately gen* 
erated by separate computers according to ex- 
emplary situations described herein; each dia- is 
gram sets forth the relationship via a via real 
time between resultant codes generated on the 
basis of time as kept by separate clock mecha- 
nisms in the separate computers generating the 
resultant codes according to the corresponding 20 
exemplary conditions described with reference 
to each Figure. 

In accordance with the invention an authorised 
person is provided with a fixed secret code or card 
seed 10. Figures 1. 1A. 2, 3, typically a number. 25 
which is unique to that individual. In the case of a 
credit or bank/cash card 20. Rgure 2, that number 
10 may be printed on the card itself such that if the 
authorised owner of the card forgets the number, it 
can be quickly retrieved by reference to the card or 30 
other permanently printed form of the fixed code 
10. Where the fixed code/card seed 10 is provided 
in permanent printed form on or in close connec- 
tion with the apparatus of the invention there is also 
preferably provided an additional portion of the 35 
fixed code 10. a so-called pin 45 (personal iden- 
tification number), which the authorised user 
memorises in order to further guard against misap- 
propriation of -the fixed code/card seed 10. The 
fixed code/card seed 10 or pin 45 may alternatively aq 
be used to identiiy an authorized terminal . which 
has been issued by the authority presiding over the 
granting of clearance or access. 

Such a fixed and/or memorized code 
(commonly referred to as a pin 45. FIG. 3. or 45 
personal identification number) is input into an ac- 
cess control module ("ACM") or host computer 50, 
FIGS. 1, 1A, 3 together with the unique static 
variable 10 and temporarily stored within the mem- 
ory of the host or ACM, step 100. FIG. 3. 50 

Preferably once the card seed 10 and pin 45 
are input into the host or ACM 50, each is sepa- 
rately compared against a library of authorized 
card pins, step 110, FIG.. 3, and a library of au- 
thorized card seeds, step 120. FIG. 3. stored in the 55 
host or ACM memory to determine whether there is 
a match. If either of the pin 45 or card seed 10 
which the user inputs into the host or ACM does 



not produce a match, clearance or access is de- 
nied and the card user must start over in order to 
gain access or clearance. 

In order to generate a non-predictable code 40. 
FIGS. 1 - 3. which will ultimately give the user 
clearance or access, the fixed code or seed 10 
and/or pin 45 must be input into a predetermined 
algorithm which manipulates the seed 10 and/or pin 
45 as a static variable. The algorithm is typically 
provided to the user in the form of a calculator 20, 
FIG. 2. which is loaded with a program for carrying 
out the predetermined algorithm. The calculator 20 
preferably comprises an electronic computer and 
most preferably comprises a microprocessor hav- 
ing a sufficient amount of volatile dynamic memory 
to store and carry out the functions of the predeter- 
mined algorithm. The computer 20 is most prefer- 
ably provided in a card 20. FIG. 2. having the 
appearance and approximate size of a credit card. 

Such credit card sized computer 20, FIG. 2. 
also preferably includes a conventional liquid cry- 
stal display 44 for displaying the ultimate non- 
predictable code 40 generated by the algorithm 
(referred to in FIG. 3 as "card resultant code"). The 
non-predictable code 40 thus generated may be 
visually observed by the user for eventual input 
into a host computer or ACM 50. FIGS. 1, 1A. 3. As 
shown in FIG. 2, the preferred form of card com- 
puter 20 has a length L of about 3.3 inches, a width 
W of about 2.1 inches and a depth D of less than 
about .07 inches. In addition or as an alternative to 
providing microprocessor 20 with a liquid crystal 
display 45 for visual observation of the first non- 
predictable code .40, computer 20 may include 
means for machine reading the first non-piodict- 
able (or card resultant) code 40 and/or pin 45 to 
the ACM or host 50, or may include sound produc- 
ing or other means for personally sensing the first 
non-predictable code 40. 

With reference to FIG. 3. after the card and 
host pins are compared and found to match, step 
1 10, the card seed 10 is typically compared 
against a library of card seeds stored in the host or 
ACM memory in order to determine whether there 
is a match, step 120, FIG. 3. If the card seed 10 
input into the host or ACM 50 does not match up 
with one of the seeds stored in the host library, 
access or clearance is denied, "no" step 120. FIG. 
3. o 

For purposes of initial explanation the discus- 
sion which follows with reference to FIGS. 1 and 1A 
assumes an embodiment of the invention whereby 
a single resultant code 70 is generated by the host 
or ACM 50. The most preferred embodiment of the 
invention wherein the clock mechanisms which 
generate the resultant codes 40 and 70, are syn- 
chronized and wherein the host or ACM preferably 
generates a series of resultant, non-predictable 
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codes, as opposed to a single code 70, is de- 
scribed hereinafter with reference to FIGS. 4-9. 

In addition to using the seed 10 and/or pin 45 
as static variables the predetermined algorithm is 
designed to utilize a second variable, a dynamic 
variable 30.60. FIGS, t, 1A. to calculate the non- 
predictable codes 40. 70 which may ultimately give 
access or clearance 90 to the user. A dynamic 
variable may comprise any code, typically a num- 
ber, which is defined and determined by the inter- 
val of time in which the card seed 10 and/or pin 45 
is put into the algorithm of either the card computer 
20 or the host or ACM 50. A dynamic variable is 
most preferably defined by the date and the minute 
in which the static variable is input into the pre- 
determined algorithm. A dynamic variable thus de- 
fined can be seen to change every minute. The 
dynamic variable could alternatively be defined ac- 
cording to any interval of time. e.g.. 2 minutes. 5 
minutes. 1 hour and the like. A dynamic variable 
thus defined would alternatively change every 1 
minute. 2 minutes, 5 minutes. 1 hour or with the 
passage of any other predetermined interval of 
time. 

With reference to FIG. 1 the most preferred 
means of establishing such a dynamic variable is 
via a time keeping means, such as on electronic 
digital clock, which by conventional means auto- 
matically inputs, steps a» or ci. the date and spe- 
cific interval of time (e.g.. 1 minute, 2 minutes, 5 
minutes, etc.) into the predetermined algorithm of 
the card 20 or host or ACM 50 in response to the 
input, step a or c. of the static variable 10 and/or 
pin 45. The date and time thus generated by the 
time keeping means may itself be independently 
manipulated according to another predetermined 
algorithm prior to input into the first predetermined 
algorithm of the dynamic variable. The fact that the 
dynamic variable 30 or 60 being input into the 
predetermined algorithm constantly changes in ab- 
solute value with passage of successive intervals of 
time of predetermined duration means that the card 
code 40 or Jiost or ACM code 70 generated ac- 
cording to the predetermined algorithm is also con- 
stantly changing with successive intervals of time 
and is thereby completely non-predictable. 

The non-predictability of the codes 40, 70, FIG. 
1, generated in the manner described above may 
be enhanced by the fact that the predetermined 
algorithm (together with the static variable 10 
and/or pin 45 and dynamic variable 30 input 
thereinto) are preferably stored in the calculator 20 
(and/or host or ACM 50) in volatile dynamic elec- 
tronic memory which is encapsulated with an en- 
ergizing means which destroys the algorithm, the 
card seed 10 . and the dynamic variable 30 (or 60) 
when the electronic memory is invaded, interrupted 
or violated in any way. The predetermined algo- 



rithm thus stored in such volatile dynamic memory 
cannot be discovered by a would-be thief because 
the entire memory including the predetermined al- 
gorithm is destroyed upon invasion of the memory, 
s In a preferred embodiment of the invention 

therefor the card seed 10 is stored in such volatile 
dynamic memory and by conventional means is 
automatically input step a, FIGS. 1. 1A, into the 
algorithm of the first computer 20 at regular intor- 
io vals of time. Such automatic inputting of the card 
seed 10 may thereby work In conjunction with the 
automatic definition and inputting of the first dy- 
namic variable 30 into the predetermined algorithm 
of the first computer 20 to effect completely auto- 
15 matic generation of the first non-predictable or re- 
sultant code 40 at regular intervals of time, 

The invention most preferably contemplates 
providing authorized personnel with a card com- 
puter 20. FIG. 2. only, but not with knowledge of 
20 the predetermined algorithm included In the com- 
puter 20. Authorized personnel are, therefore, pro- 
vided with a computer 20 capable of carrying out 
an algorithm which is unknown to such authorized 
personnel. 

25 . In the most preferred embodiment of the inven- 
tion where the predetermined algorithm provided to 
authorized users is stored in a volatile dynamic 
memory encapsulated with an energizing means 
which destroys the algorithm upon invasion of the 

30 memory, the only means of gaining unauthorized 
clearance or access is to misappropriate posses- 
sion of the original computer 20 itself and knowl- 
edge of the fixed code/card seed 10 (and knowl- 
edge of the card pin 45 if employed in conjunction 

35 . with the invention). 

The algorithm may alternatively be designed to 
manipulate more than one fixed code and/or more 
than one dynamic variable. Several means for in- 
putting each fixed code and dynamic variable may 

40 be included in the calculator 20 provided to users 
and in the host or ACM 50, FIG; 3. Each dynamic 
variable is preferably defined by the interval of time 
in which one or more of the fixed codes/card seeds 
are input into the algorithm. 

45 It can be seen, therefore, that the predeter- 
mined algorithm can comprise any one of an in- 
finite variety of algorithms. The only specific re- 
quirement for an algorithm to be suitable for use in 
the present invention is that such algorithm gen- 

50 erate a non-predictable code on the basis of two 
classes of variables, static variables (the. fixed 
codes) and dynamic variables such as described 
hereinabove. A non-predictable code C which is 
ultimately generated by the predetermined algo- 
55 rithm, f (x.y). may be expressed mathematically as: 

f(x.y) = C 
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where x is a static variablefixed code and y is a 
dynamic variable. Where several (n) static variables 
(xt. x 2 , ...x n ) and several (n) dynamic variables (y t . 
Y*- -yn) are intended for use in generating non- 
: predictable codes, a non-predictable code, thus s 
generated may be expressed mathematically as f- 
(xi . x 2 , ..jc„, yi . y 2 , ...y„) = C. 

The specific form of the algorithm only as- 
sumes, special importance as part of the invention, 
therefore, when the algorithm is capable of being to 
discovered by would-be unauthorized users. In the 
most preferred embodiment of the invention where 
the algorithm is completely undiscoverable by vir- 
tue of its storage in a volatile dynamic electronic 
memory which destroys the algorithm upon at- is 
tempted Invasion of the encapsulated memory, the 
. .. specific form of the algorithm comprises only an 
incidental part of the invention. The mere fact of 
the use of some algorithm to manipulate the fixed 
code and the dynamic variable does, however. a 
comprise a necessary part of the invention insofar 
as such an algorithm generates the ultimately im- 
portant non-predictable code. 

As the term "fixed code" or "card seed" or 
"seed" is used herein such terms include within 25 
their meaning numbers, codes, or the like which 
are themselves . manipulated or changed, math- 
ematically or otherwise, in some non-dynamic man- 
ner prior to or during the generation of a second 
non-predictable code 40. FIG. 3. The first 20 or 30 
second computer 50 may. for example, be pro- 
vided with a static program/algorithm utilizing the 
fixed code or seed as a variable and generating a 
new fixed code or seed which is ultimately input as 
the fixed code or seed 10 variable in the secret 35 
algorithm which generates the non-predictable 
codes, for example, for purposes of added security, 
a fixed code or seed 10 may be first added to 
another number and the result thereof used as the 
fixed code or seed 10 used to generate the non- 40 
predictable codes. Thus, the term fixed code or 
seed includes within its meaning the result of any 
non-dynamic operation performed on any fixed 
code or seed. It can be seen, therefore, that essen- 
tially any algorithm or operation may be performed 45 
on the fixed code 10 to generate another fixed 
code or seed, the algorithm or operation most 
preferably comprising a static algorithm or opera- 
tion. i.e.. one not utilizing dynamic variables so as 
to generate a static result. so 

With reference to FIG. 1, after a first non- 
predictable code 40 is generated as described 
above, such first non-predictable code 40 is com- 
pared 80 with the "second" non-predictable, code 
70 which is also generated by the user by putting. 55 
step c, the fixed code/card seed 10 (and the pin 
45. if employed) into the host or ACM 50 which 
contains the same predetermined algorithm used to 



generate the first non-predictable code 40. 

With reference to FIG. 1A, (a schematic dia- 
gram which assumes the host or ACM 50 includes 
the predetermined algorithm and the mechanism 
for comparing and matching the non-predictable 
codes) the first non-predictable code 40 is put 
step e 2 , into the host or ACM 50 essentially imm* 
diately after the fixed secret code 10 is put into the 
host or ACM 50 (i.e., step e 2 is carried out essen- 
tially immediately after step e) in order to gain 
clearance or access 90. If steps e and e 2 are not 
carried out within the same interval of time as 
steps a and at, were carried out, (i.e.. the same 
interval of time on which code 40 is based), then 
the host or ACM will not generate a second dy- 
namic variable 60 which will allow the predeter- 
mined algorithm of the host or ACM 50 to generate 
a second non-predictable code which matches the 
1st non-predictable code 40. 

The necessity for carrying out steps e and e 2 , 
FIG. 1A. within the same minute or other selected 
interval of time ("cell") is obviated in a most pre- 
ferred embodiment of the invention. With reference 
to FIGS. 3 - 4, the card 20 generates a resultant 
code 40. on the basis of a cell of time in which the 
code 40 was generated as defined by the card 
clock. Assuming for the sake of explanation that the 
card clock and the host or ACM clock 125 are 
synchronized with each other and with real time 
and assuming the user inputs the correct card seed 
10 and resultant code 40 into the host or ACM 50 
within the same cell of time as the resultant code 
40 was generated by the card 20 the host 50 is 
preferably provided with a program which gen- 
erates a series or "window" of resultant codes (as 
opposed to a single non-predictable code 70. FIG. 
1). [As used hereinafter, the term "cell" is, depend- 
ing on the context, intended to refer to an interval 
of time of predetermined duration on which the 
generation of a resultant code is based or to the 
resultant code itself.] The various second non-pre- 
dictable codes which comprise the "window" are 
calculated by the host or ACM 50 on the basis of 
the cell of time in which the user correctly entered 
the seed 10. code 40. and pin 4Sinto the host or 
ACM 50 as defined by the host clock 125. FIG. 3, 
and one or more bordering cells of time, e.g., -2, 
-1. and +1. +2 as shown in FIG. 4. An ACM or 
host computer 50 program then compares the card 
resultant code 40 with all of the individual resultant 
codes computed as the window of host cells shown 
in FIG. 4 to determine whether there is a match 
between any of the host cells and the card code 
40. In the example stated, the card code 40 will of 
course match up. step 172. FIG. 3. with the zero 
cell-based host code. FIG. 4 because the user 
input the seed 10. pin 45 and code 40 within the - 
same cell of time as the card code 40 was gen- 
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erated. 

[As used hereinafter, "input" or "inputting" or 
"entry" into the host or ACM 50 refers to input of 
the correct card seed 10. card resultant code 40 
and card pin 45 into the host or ACM 50 and 5 
positive matching of the card seed 10, step 120, 
FIG. 3, and card pin 45. step '110, with a host seed 
and host pin which are stored in the permanent 
memory in the host or ACM 50]. 

Assuming in the example stated above with io 
reference to FIG. 4. however, that the user had 
input the card code 40 and seed 10 (and pin 45), 
FIG. 3, one minute later than the card had gen- 
erated the code 40, the host or ACM 50 will have 
generated a different window of codes as shown in is 
FIG. 5; that is, the host will have generated a 
central cell correspoding to a + 1 cell code (based 
on real time) as if the +1 cell code is the zero cell 
of the window of cell (as shown in parenthesis in 
FIG. 5) and further generate the predetermined 20 
number of bordering cell codes (e.g., real time -1,0 
and + 2. +3 as shown in FIG, 5). Thus although 
the user inputs the card seed 10 and the card- 
resultant code 40 into the host or ACM 50 one 
minute late, the host computer 50 still generates a 2s 
matching cell code, the real time zero cell code 
which "borders" the central cell, i.e., the + 1 cen- 
tral cell code as shown in parenthesis in, FIG. 5. 

Provision of the host or ACM 50. FIGS. 3 - 5 
with a mechanism for generating a series or win- 30 
dow of second non-predictable codes, as opposed 
to a single second code 70. FIG. 1. thereby allows 
a card user a selected amount of leeway of time 
(beyond the time length of the interval of time on 
which code 40 is based) in which to input a correct 55 
seed 10. pin 45 and card code 40 into the host or 
ACM 50 and still generate a matching host resul- 
tant code. J 

The examples, stated above assumed that the 
card clock and the host clock 125. FIG. 3 were 40 
both synchronized with real time. Assuming the 
card clock and the host clock remain synchronized 
at all times, it would only be necessary to provide 
the host or ACM 50 with a mechanism for generat- 
ing a selected number of bordering cells which 45 
"precede" the central cell of the window, e.g : . with 
reference to FIG. 5. the (-2), <-1) t (0) cells. In those 
applications where the card clock -and the host 
clock are maintained in synchrony with each other 
at all times, the host or ACM clock 125 preferably 50 
defines only two dynamic time variables so as to 
generate a central cell code and a -1 host window 
cell code. Such embodiment allows the user to 
input to seed 10, pin 45 and code 40 one cell code 
late but only one cell code late for security en- 55 
hancement. 

In the more typical case, however, where the 
card clock and the host clock 125 may be out of 



synchrony with real time, e.g.. where the card clock 
is running fast relative to the host clock, the gen- 
eration of cells which "follow" the central cell of the 
host window may be required to generate a match- 
ing host resultant code. 

;",VVith ;< refer8nce to FIG. 3. 6 the invention most 
preferably provides a mechanism for synchronizing 
the card and host clocks in the case where such 
independent clocks more typically run fast or slow 
relative to real time and/or relative to each other. 

The following examples assume for purposes 
of explanation that the ; time equivalent length of all 
cell codes are one minute In duration. Assuming 
that the card clock is one minute slow and the host 
clock 125. FIG. 3 is correct relative to real time, the 
card will generate a resultant code 40 based on a 
real time of -1 minute (relative to the host clock 
125) and. if the user inputs the card resultant code 
40 (and the correct seed 10 and pin 45) into the 
host or ACM 50 within the same minute as the 
code 40 Is generated, the host or ACM 50 will 
generate a window of resultant codes according to 
the series of cells shown in FIG. 6 (assuming the 
predetermined number of bordering cells is se- 
lected as 2 cells immediately preceding and 2 cells 
immediately following). Matching resultant codes, 
i.e., the card -1 cell code and the host -1 cell code, 
will thus have been generated: 

Although the card clock was one minute slow 
in the example just described, the host computer is 
provided with a program mechanism which will 
automatically adjust (i.e.. synchronize) the host 
clock time with the card clock time when the card 
user next enters a correct card seed 10 and card 
pin 45 (and code 40) into the host or ACM 50. The 
host accomplishes such synchronization by storing 
a difference in matching cell time in the permanent 
memory of the host, step 190, FIG. 3; e.g., in the 
example just described, the last matching transac- 
tion, step 180. FIG. 3 fell in the -1 cell of the host 
"window" as showft in parenthesis in FIG. 6. Such 
cell time difference is referred to herein as the 
"time offset" which is stored in the permanent host 
memory, step 190. FIG. 3. The time offset is the 
difference in time between the central cell and the 
bordering cell from which a matching second non- 
predictable code was generated. 

Upon the next entry of the card user into the 
host 50 (assuming the card clock has not run any 
slower since the last, entry and assuming the host 
clock has remained synchronized with real time 
and assuming the user next enters the host 50 
within the same minute as the card generates 
resultant code 40), the host computer. 50 will auto- 
matically algebraically add the stored time offset, 
steps 135. 140. FIG. 3. to the temporarily stored 
host clock time, step 130, and generate the series 
of relative real time host cell codes shown in FIG. 7 
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wherein the card code cell which is one minute 
slow in real time, is now treated in the host window 
as a zero cell (as shown in parenthesis in FIG. 7). 
i.e., the central cell of the host window of cells, is- 
adjusted to subtract one minute therefrom, via sub- 5 
traction of the one-minute stored time offset 1 35, 
FIG. 3. As shown in FIG. 7, the bordering cells of 
the host window are similarly adjusted by the one- 
minute stored time offset. Further, in all future 
entries by the user into the host 50. the temporarily w 
stored time and date of entry, step 130. FIG. 3, will 
be adjusted by trje permanently recorded one- 
minute stored time offset. 

As to the example described above with refer- 
ence to FIG. 5 wherein the card and host clocks 15 
were assumed to be synchronized with real time 
and wherein the user entered the host one minute 
late, it is noted that even though the host clock was 
synchronized with real time, the host will neverthe- 
less compute a time offset, step 180, FIG. 3. to be 20 
stored, step 190, and used in adjusting the tem- 
porarily stored time of . entry, step 130, FIG. 3. in 
future transactions by the user, because the match- 
ing cell of the host window, as shown in parenthe- 
sis FIG. 5. was not the central cell code of the 25 
window (i.e., was not the real time + 1 cell code) 
but rather was a bordering real time cell code, i.e., 
the bordering real time zero cell code. 

Simply stated, therefore, a stored time offset 
will be computed step 180, FIG. 3, and stored, step 30 
190. FIG. 3. for use in adjusting the time of entry 
into the host in all future entries, step 140. FIG. 3, 
whenever on a given entry, step 130. FIG.. 3, a 
"bordering" cell code of the host window (as op- 
posed to the central cell code) produces a match 35 
with the input card resultant code 40: 

In storing, step 190. FIG. 3. a time offset which 
is computed, step 180. during any given transac- 
tion, the presently computed time offset is algebra- 
ically added or summed to any time, offsets pre- 40 
viously computed and stored as a result of pre- 
vious entries and grantings of access, step 173. 

Inasmuch as a clock mechanism, once begin- 
ning to run fast or slow, will continue to run fast or 
slow during all future uses of the system of the 45 
invention, the host or ACM 50 will add or subtract 
all time offsets recorded during successive uses of 
the system to the stored time offset(s) recorded 
and permanently stored from previous transactions, 
step 180. FIG. 3. Most preferably, a newly com- so 
puted time offset will not be permanently stored, 
step 190, in the host or ACM memory 200. unless 
and until access or clearance has already been 
granted, step 173. 

As described and shown in the. examples of 55 
FIGS. 4 - 7 the host or ACM is typically pro- 
grammed to compute four (4) cell codes bordering 
the central eel! code (i.e., two cells immediately 



preceding and two cells immediately following the 
. centralrt^ll) as the "window" within which the user 
is allowed to deviate in inputting the card seed 10, 
the pin 45. and. the card resultant code 40 into the 
host or ACM. Such bordering cells have been 
described as corresponding to codes correspond- 
ing to one-minute intervals. It is noted that the 
number and time equivalent length of the bordering 
cells may be increased or decreased as desired. 

The. absolute degree by which the card clock 
and the host or ACM clock 125 may run fast or 
slow relative to real time typically increases with 
the passage of time. For example, if the card clock 
is running slow by 30 seconds per month and the 
host clock is running fast at 30 seconds per month, 
the two clocks will run the time equivalent of one 
minute out of synchrony after one month, two min- 
utes out of synchrony after two months, three min- 
.utes out of synchrony after three months, etc. If the 
authorized card user uses the card each month, the 
automatic synchronizing means described above 
with reference to FIGS. 4 - 7 will have adjusted the 
host or ACM time window upon each usage to 
account for such lack of synchrony with real time. 
If. however, the card user does not actually use the 
card for, for example, six months, the card clock 
and the host clock will be six minutes out. of 
synchrony, and even if the user correctly uses the 
system by inputting the pin 45. card seed 10 and 
card code 40, FIG. 3. into the host or ACM within 
the same minute (or other selected time cell inter- 
val) as the pin 45. the seed 10 and code 40 were 
generated by the card, the user would not be able 
to gain access or clearance (i.e., cause the host or 
ACM to generate a matching resultant code) in the 
typical situation where the "window" of bordering 
cell times is selected as two one-minute cells im- 
mediately preceding and two one-miniute cells im- 
mediately following the central host cell. FIG. 8 
depicts such an exemplary situation as just de- 
scribed, wherein it can be seen that the card clock, 
after six months of non-usage, generates a resul- 
tant code 40. FIG. 3, which is based on -3 minutes 
in real time, and the host clock, after six months of 
non-usage, causes the generation of the typically 
selected five cell window comprising cell codes 
corresponding to +1. +2. +3, +4. and +5 min- 
utes in relative real time. In the typical case, there- 
fore, where the selected window comprises four 
bordering cells ; matching second non-predictable 
codes will not be generated under any circum- 
stances after six months of non-use. 

The invention, most preferably provides a 
mechanism by which the host window of bordering 
cells is opened wider than the preselected window 
by an amount which varies with the length of time 
of non-use of the card. Such window opening is 
accomplished by storing the most recent date of 
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comparison and matching, determing the difference 
in time between such date and the present date of 
entry into the second computer and calculating as 
many additional bordering cells as may be pre- 
determined according to the difference in time be- 
tween the dates. 

Typically the window is opened by two one 
minute bordering cells per month of non-use (e.g., 
one cell immediately preceding and one cell imme- 
diately following the preselected -window) but the 
number ot cells by which the window is opened 
and the time equivalent length of each cell may be 
predetermined to comprise any other desired num- 
ber and length. 

Assuming the exemplary situation described 
above where the card clock and the host clock 125. 
FIG. 3, are running slow and fast respectively by 
30 seconds per month and the user has not used 
the card for six months, the host or ACM com- 
pares, step 150, the temporarily stored date of the 
present entry, step 130. with the permanently 
stored date of the last access, step 175. and com- 
putes the number of months X, step 160. between 
the date of last access and the date of present 
entry. In the present example six months of non- 
use is calculated step 160. FIG. 3, and the window 
is opened by six additional one-minute bordering 
cells on either side of the preselected four cell 
window as shown in FIQ. 9 to give an overall 
window of sixteen minutes. The card resultant code 
40 based on *3 minutes in relative real time thus 
matches, step 172, FIG. 3A. as shown in FIG. 9 
with the -6 host bordering cell code (-3 in real time) 
and access or clearance is ultimately granted. As 
described above with reference to FIGS. 4-7, 
because the matching host cell code is a bordering 
cell code of the host window and not the central 
host cell (i.e., the zero cell), a new stored time 
offset of -6 minutes will be computed (i.e., added to 
the permanently stored time offset), step 180. FIG. 
3. and stored, step 190. and the host clock there- 
after will adjust the zero cell of the host window 
(and accompanying bordering cells) each time the 
user of the-card having the particular card seed 10 
and pin 45 which was used in the present transac- 
tion uses the card to gain access in future transac- 
tions. 

Lastly the invention further includes a failsafe 
window opening mechanism to provide for the con- 
tingency where the host or ACM 50 and its clock 
125. FIG. 3, may shut down between card usages. 
Ir> the event of such a shut down, the host or ACM 
clock 125 must typically be reset and re-synchro- 
nized, and in the course of such resetting an error 
may be made in the ^synchronization. In" order to 
insure that the card user may reasonably gain 
access in the event of such an error in re-setting 
the host clock 125. the host or ACM 50 is prefer- 



ably provided with a mechanism for sensing such a 
re-setting and for storing a predetermined window 
opening number upon each re-setting of the host or 
ACM 125. Such window opening number is typi- 

s cally selected as six additional one-minute border- 
ing cells (e.g.. three additional cells immediately 
" preceding and three additional cells immediately 
following the existing window) but may be selected 
as more or fewer cells of other selected length. 

to The re-setting window opening number is typi- 

cally added, step 165. FIG. 3. to the result of non- 
usage step 160 and the total additional number of 
cells comprising the window is computed, step 
170. FIG. 3, i.e.. all bordering cells surrounding the 

/s central cell are computed including (a) the 
preselected window allowing for user delay in in- 
putting and/or card and host clock asynchrony, (b) 
the no-usage window allowing for card and host 
clock asynchrony over long periods of time of non- 
20 usage and (c) the re-setting window opening num- 
ber. 

Assuming the exemplary situation described 
above with reference to FIG. 9. if the host or ACM 
had shut down within the six month period of non- 
25 use, the host window as depicted in FIG. 9 would 
be further opened by an additional six bordering 
cells such that -11. -10. -9 and +9. +10. +11 host 
window cells would also have been computed, step 
170. FIG. 3. and made available for comparison 
30 and potential matching with card resultant code 40 
in step 172. FIG. 3. As described with reference to 
FIGS. 5 - 9. where a new time offset is computed 
and stored, steps 180. 190. FIG. 3. as a result of a 
match found in a bordering cell of a window gen- 
35 erated by virtue of non-usage and/or the preselec- 
ted window, a new time offset will similarly be 
computed and stored, steps 180, 190. if a match is 
found in a bordering cell generated as a result of 
shut-down. 

40 Unlike the non-usage window opening number, 

the re-set window opening number is typically 
stored in the permanent memory 200 of the host or 
ACM 50. FIG. 3. such that once the host clock 125 
is re-set. the selected window, opening number is 

45 available in permanent memory 200 to open the 
. window upon the next attempted entry by the user. 
Although the re-set window opening number is 
established and stored in permanent memory 200. 
such re-set window opening number is preferably 

so eventually closed down or eliminated for security 
enhancement after it is established upon succes- 
sive attempted entries by a variety of card users 
that the host clock 125 was correctly reset or after 
the host clock 125 is otherwise re-synchronized 

55 with real time to correct any errors which may have 
occurred as a result of the re-setting. The use of 
the re-set window opening number is. therefore, 
preferably temporary. 
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In the practical application of the invention, 
many cards are issued to many users and each 
card includes its own card clock. Recognizing that 
the average of the times being kept by the individ- 
ual clocks of a statistically significant sample of a 5 
variety of cards, will produce an accurate or very 
nearly- accurate representation of real time, the 
invention most preferably includes a mechanism 
for permanently adjusting the time kept by the host 
clock 125. FIG. 3, after the clock 125 has been re- to 
set, to the average of the times of entry (after re- 
setting of the host clock 125) of a selected number 
of different cards or card users. For example, as- 
suming that host clock 125 has been reset, the 
next time of entry of the next five (or other selected is 
number of) separate card users is averaged, the 
host clock 125 is permanently adjusted or re-syn- 
chronized to such" an averaged time, and the re-set 
window opening number is thereafter eliminated 
a? from the permanent host memory 200. Re-adjust- 20 
ing or re-synchronization of the host clock 125 to 
the averaged time of the card clocks is typically 
carried out by the host 50 by computing another 
master time offset which, is algebraically added to 
the time offsets peculiar to each card 20. The « 
computation of such a master offset assumes that 
a selected number of separate cards 20 were able 
to gain access, step t73, FIG. 3 as a result of the 
re-set window opening or otherwise. The average 
of the time offsets computed as to the selected 30 
number of cards which enter the host 50 (after the 
host clock 125 is re-set) is preferably stored as a 
master time offset (i.e.. as a re-synchronization of 
the host clock 125). the re-set window opening 
number is then eliminated as to all future entries by 35 
card users, and the master time offset is used (in 
addition to permanently stored time offsets peculiar 
to each card) to adjust the card clock 125 in 
transactions as to all card entries thereafter. 

As a practical matter, a limit is typically placed 40 
on the total number of bordering cells by which the 
window is opened regardless of the length of time 
of non-usage by the card user or the number of 
times the host or ACM 50 is reset as a result of re- 
setting of clock 125.^or security reasons, such a 45 
limit is typically selected as ten one-minute border- 
ing cells - as stated in step 170. FIG. 3 the number 
cf codes comprising the window are the lesser of 
(3) 4 bordering cell codes, the preferred selected 
window, plus X, the number of months or other 50 
- selected non-usage periods, plus Y t the shut down 
window opening number, or (b) 10. the maximum 
number of additional cell codes.. Such a maximum 
window may. of course, be selected as more or 
less than 10 depending on the degree of security 55 
desired. 

' It is noted that FIG. 3 depicts a preferred 
sequence of operations and not necessarily the 



only sequence. Steps 110 and 100 could, for ex- 
t ample, be interchanged or. for example, the step of 
automatically inputting the re-set window opening 
number, step 167 could precede any of steps 140 - 
160. 

The host or ACM 50, FIGS. 1. tA, 3' typically 
includes one or more programs and sufficient 
memory to carry out all of the steps shown In FIG. 
3. although one or more of those functions may be 
carried out by a device separate from and' commu- 
nicating with or connected to the host or ACM 50. 

With respect to the computation, storage and 
retrieval of time offsets, the host or ACM 50 is 
provided with mechanisms for recognizing, storing, 
retrieving and computing time offsets which are 
peculiar to each card seed 10 and/or pin 45 and 
responsive to the input of the same Into the host or 
ACM 50. 

FIG. 2 depicts the most preferred form of the 
calculator 20 which is provided to authorized users 
for generating the first non-predictable or card re- 
sultant code 40. As shown in FIG. 2 the calculator 
20 is of substantially the same size as a conven- ' 
tional credit card and includes a conventional liquid 
crystal display 44 for displaying the code 40 to the 
user. The credit/card computer 20, FIG. 2, may 
bear the identity of the card seed/fixed code 10 
printed on its face, and includes a digital clock 
means, an energizing means, a microprocessor 
and sufficient memory for storing the predeter- 
mined secret algorithm, a program for generating a 
dynamic variable if desired, and the card seed 10 
and pin 45 if desired. 

In an embodiment of the invention where the 
goal is to grant access to a physical facility, the 
ACM 50 may comprise a portable device such that 
it may be carried by a security guard stationed at a 
central access location leading to a guarded build- 
ing or other facility. A security guard thus in pos- 
session of such an ACM would typically read the 
card seed 10 and the non-predictable code 40 
appearing on the card 20. FIG. 2. of authorized 
person and input such codes 10. 40 (in addition to 
the pin 45 - otherwise provided to the guard by 
the card bearer) into the portable ACM 50 to deter- 
mine whether the card bearer is truly in possession 
of a card 20 which was issued by the authority 
establishing the secret predetermined algorithm. 

As described herein protection of the secrecy 
of the predetermined algorithm is preferably ac- 
complished in the calculators provided to autho- 
rized personnel by virtue of its storage in volatile 
dynamic memory and encapsulation with a volatile 
dynamic energizing means. With respect to the 
algorithm provided in the ACM secrecy may be 
maintained in a similar manner or other conven- 
tional manner, e.g.. by physically guarding the 
ACM or requiring additional access/user codes to 
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gain direct access. Where all programs, data and 
results of operation are stored in such volatile dy- 
namic memory, the same are similarly protected 
against invasion.- 

■ ... Although the invention contemplates some 5 
form of communication of the result of operation 40 
carried but on the card 20. FIG. 2. to the host or 
ACM 50 or any other electronic device, a talking 
between the computer 20 and the host 50 is not 
required or contemplated by the invention. There- to 
fore, after the first computer 20 has calculated the 
first non-predictable code 40 and the code 40 has 
been input into the host 50. no other information 
need be communicated back to the first computer 
20 from the host 50 or another device in order to js 
gain clearance or access. 

Lastly it is noted that the fixed code or seed 10 
and/or pin 45, FIG, 3, may be employed to identify 
a computer terminal or other piece of equipment or 
device as opposed to a card 20. For example, a 20 
terminal or a space satellite or other device may be 
provided with a computer 20 which is assigned a 
code or seed 10 and/or a pin 45 (and, of course, 
provided with the secret predetermined algorithm 
and a clock and conventional electronic mecha- 25 
nisms for computing the code 40 and inputting the 
code 10. pin 45, and resultant code 40 to the host 
or ACM 50) in order to identify such terminal, 
satellite or the like in the same manner as a card, 
computer 20 is identifiable as described 30 
hereinabove. 

Claims 

1. A system for comparing and matching non- 35 
predictable codes generated by separate com- 
puters, comprising: 

a first computer (20), operable to produce a 
first non-predictable code (40) on the basis of 
a first dynamic variable (30) and a static vari- 40 
able (10), a first clock means for defining the 
first dynamic variable (30). according to a first 
interval of time during which the static variable 
is input into the first computer (20). 
a second computer (50), operable to produce a 4S 
second non-predictable code (70) on the basis 
of a second dynamic variable (60) and the 
static variable (10), a second clock means for 
defining the second dynamic variable (60), ac- 
cording to a second interval of time during 50 
which the static variable (10) is input into the 
second computer (50), and 
means (80) for comparing the first and second 
non-predictable codes (40. 70) to determine a 
match. 5S 
characterised in that 

the second interval of time comprises a central 
cell of time, having a predetermined duration. 



and one or more cells of time, each having a 
predetermined duration, bordering the central 
cell, and In that 

the second clock means defines respective 
values of the second dynamic variable (60) for 
each cell of time whereby the second com- 
puter provides respective values of the second 
non-predictable code for each of the cells of 
time for comparison with said first non-predict- 
able code. 

2. A system according to claim 1 wherein there is 
provided means for synchronising the first 
clock means and the second clock means 
upon matching of the first non-predictable 
code (40) with one of the second non-predict- 
able codes (70). 

3. A system according to claim 1 or 2 wherein 
the central cell of time comprises the date and 
the minute in which the unique static variable 
is input into the second computer (50) as de- 
fined by the second clock means. 

4. A system according to claim 1, 2 or 3 wherein 
the bordering cells of time comprise a cell of 
time comprising the date and the minute im- 
mediately preceding the central cell. 

5. A system according to any preceding claim 
wherein the border cells of time comprise a 
selected number of cells of time immediately 
preceding the central cell and a selected num- 
ber of cells of time immediately following the 
central cell. 

6. A system according to any preceding claim 
wherein the central and border cells of time 
are selected to be one minute in duration. 

7. A system, according to any of claims 2 to 6 
including: 

counting means for counting the difference in 
time between a central cell of time and a 
bordering cell of time from which a matching 
second non-predictable code (70) may be gen- 
erated; 

summing means connected to the counting 
means for summing successive differences in 
time counted by the counting means; 
storage means, connected to the summing 
means for storing the output of the summing 
means; and 

shifting means connected to the storage 
means for shifting a central cell and bordering 
cells of time by the summed times stored in 
the storage means. 



10 



19 



EP 0 234 100 B1 



20 



8. A system according to claim 7 including: 

second storage means connected to the com- 
parison means for storing the date of the most 
recent comparison and matching by the com- 
parison means; . 

second counting means connected to. the sec- 
ond storage means for. counting the difference 
in time between the date stored and the date 
of present entry into the second computer; 
dividing means connected to the second to 
counting means for dividing the difference in 
time counted by the second counting means 
by a selected value and prescribing the output 
as a first window opening number; 
window opening means connected to the divid- is 
ing means and the comparison means for cal- 
culating as many extra second non-predictable 
codes on the basis of as many extra bordering 
cells of time immediately preceding and follow- 
ing the selected number of border cells as zo 
prescribed by the first window opening num- 
ber. 

9- A system according to claim 8 further includ- 

in 9 : . ........ « 

sensing means connected to the second clock 
means for sensing a re-setting of the second 
clock means; 

third storage means connected to the sensing 
means for prescribing and storing the occur- 30 
rence of a sensed re-setting of the second 
clock means as a selected second window 
opening number; and 

second window opening means connected to 
the third storage means for calculating as 35 
many additional non-predictable codes on the 
basis of as many additional bordering cells of 
time immediately preceding and following the 
extra border cells of time as prescribed by the 
second window opening number. 40 

10. A system according to any preceding claim 
wherein the first or the second computer (20, 
50) comprises a microprocessor with an al- 
gorithm stored in volatile dynamic memory 45 
with an energizing means that when interrupt- 
ed destroys all data including at least the al- 
gorithm and the static variable. 

11. A system according to any preceding claim 50 
wherein the first computer (20) and the first 
clock means are incorporated into a card of 
about the same size as a credit card. 

12. A system according to any preceding claim 55 
wherein said first computer (50) includes 
means (44) for visually displaying the non- 
predictable code (40) currently being gener- 



ated. 

13. A system as cjaimed in claim 10 wherein said 
card has a length of approximately 84mm (3.3 

. inches), a width of : approximately 53mm (2.1 
inches), and a depth approximately 1.8mrri (.07 
inches). ; ... : .; . 

14. A system as claimed in claim 12 wherein said 
usual display means (44) is a liquid crystal 

' display. . * v 

15. A method of synchronising the time definition 
of dynamic variables (30, 80) in a system for 
comparing non-predictable codes (40, 70) gen- 
erated by separate clock means according to 
time wherein the codes match when the dy- 
namic variables match, comprising the steps 
of: ■ v :: . 

inputting a static variable (10) into a first com- 
puter (20) including a predetermined algorithm; 
employing the algorithm of the first computer 
(20) to calculate a first non-predictable code 
(40) on the basis of the static variable (10) and 
a first dynamic variable (30) defined by a first 
interval of time in which the step of inputting 
occurred according to a first clock; 
independently feeding the static variable (10) 
and the first non- predictable code (40) into a 
second computer (50) including the predeter- 
mined algorithm; 

using the algorithm of the second computer 
(50) to independently calculate a second non- 
predictable code (70) on the basis of the static 
variable (10) and a second dynamic variable 
(60) defined by a second interval of time in 
which the step of feeding occurred according 
to a second clock means; and 
comparing the first and second non-predictable 
codes (40, 70) to determine a match; 
characterised in that: 

the second interval of time comprises a central 
cell of time and one or more bordering cells of 
time; and by: 

using the algorithm of the second computer 
(50) to calculate independently a plurality of 
second non-predictable codes (70) on the ba- 
sis of the static variable (10) and second dy- 
namic variables (60) defined by the cells of 
time; and 

determining when a match occurs between the 
first non-predictable code (40) and one of the 
second non-predictable codes (50). 

. The method according* to claim 15 further in- 
cluding the steps of: 

counting the difference in time between a cen- 
tral cell of time and a bordering cell of time 
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from which a matching second non-predictable 
code may be generated; summing successive 
differences in time counted during the step of 
counting; 

storing the summed successive differences in s 
time; and. 

shifting the central and border cells of time by 
the summed successive differences in time. 

17. The method according to claim 16 further in- . to 
. eluding the steps of: 

storing the date of the most recent comparison 
and determination of a match; 
counting the difference in time between the 
date stored and the date of present entry into is 
• the second computer 
diving the difference counted during the step 
of counting the difference in dates by a se- 
lected value and prescribing the output as a 
first window opening number; and, 20 
calculating as many extra second non-predict- 
able codes (70) on the basis of as many extra 
bordering cells of time immediately preceding 
and following the selected number of border 
cells as prescribed by the first window opening 25 
number. 

18. The method according to claim 17 including 
the steps of: 

sensing a re-setting of the second clock 30 
means; 

prescribing and storing the occurrence of a 
sensed re-setting of the second clock means 
as a second selected window opening number; 
and. 35 
calculating as many additional second non- 
predictable codes (70) on the basts of as many 
additional border cells of time immediately pre- 
ceding and following the extra border celts of 
time as prescribed by the second window ao 
opening number. 

19. The method of claim 15 wherein the central 
and bordering cells of time are selected to be 

one minute in duration. 45 

Revendicatlons 

1. System e destin€ k comparer et accorder des 

codes non pr^visibles gen^res par des calcula- 50 
teurs separes, comportant : 

un premier calculateur (20) utilisable pour 
produire un premier code non pr£visible (40) 
sur la base d'une premiere variable dynamique 
(30) et d'une variable statique (10). un premier 55 
. moyen d'horloge destine & d£finir la premifere 
variable dynamique (30) conformgmeht & un 
* premier intervalle de temps pendant lequel la 



variable statique est introduite dans le premier 
calculateur (20). 

un second calculateur (50) utilisable pour 
produire un second code non privisible (70) 
sur la base d'une seconde variable dynamique 
(60) et de la variable statique (10), un second 
moyen d'horloge destin* & d^flnir la seconde 
variable dynamique (60) conformdment & un 
second intervalle de temps pendant lequel la 
variable statique (10) est introduite dans le 
second calculateur (50), et 

un moyen (80) destine & comparer les 
premier et second codes non prdvlsibles (40, 
70) pour determiner un accord, 

cafact4ris£ en ce que 

le second intervalle de temps comprend 
une cellule centraie de temps ayant une dur£e 
pr6d£termin6e, et une ou plusieurs cellules de 
temps ayant chacune une dur6e pr6d6termi- 
n4e, bordant la cellule centraie, et en ce que 

le second moyen d'horloge ctffinit les va- 
lours respectives de la seconde variable dyna- 
mique (60) pour chaque cellule de temps afin 
que le second calculateur produise des valours 
respectives du second code non prdvisible 
pour chacune des cellules de temps pour une 
comparaison avec (edit premier code non prd- 
visible. 

2. Syst&me selon la revendication 1, dans lequel 
il est pr$vu des moyens destines h synchroni- 
ser le premier moyen d'horloge et le second 
moyen d'horloge &'la suite d'un accord du 
premier code non prSvisible (40) avec I'un des 
seconds codes non pr£visibles (70). 

3. Syst&me selon la revendication 1 ou 2. dans 
lequel la cellule centraie de temps comprend 
la date et la minute dans laquelle la variable 
statique unique est introduite dans le second 
calculateur (50) comme ddfini par le second 
moyen d'horloge. 

4. Systfcme selon la revendication 1 , 2 ou 3. dans 
lequel les cellules de temps bordantes com- 
prennent une cellule de temps comprenant la 
date et la minute preeddant immgdiatement la 
cellule centraie. 

5. Syst&me selon Tune quelconque des revendi- 
catlons pr6c£dentes. dans lequel les cellules 
de temps bordantes comprennent un nombre 
choisi de cellules de temps pr£c£dant imme- 
diatement la cellule centraie et un nombre 
choisi de cellules de temps suivant immediate- 
ment la cellule centraie. 

6. Systfeme selon Tune quelconque des revendi- 
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cations pr6c6dentes. dans lequel les cellules 
de temps* centrale et bordantes sont choisies 
de fagon & avoir una durSe d'une minute. 

7. Syst£me selon Tune quelconque. des revendi- 5 
cations 2 k 6. comprenant : . 

un moyen de comptage destine k compter 
la difference de temps entre une cellule cen- 
trale de temps et une cellule bordante de 
temps & partir de iaquelle un second, code non to 
prSvisible adapte (70) peut Stre gdntf rS ; 

un moyen de sommation connects au 
moyen de comptage pour etablir une somme 
de differences de temps successives corrup- 
tees par le moyen de comptage ; , ts 

un moyen de stockage connects au 
moyen de sommation pour stocker les signaux 
de sortie du moyen de sommation ; et 

un moyen de dlcalage connects au 
moyen de stockage pour decaler une cellule 20 
centrale et des cellules bordantes de temps 
des temps obtenus par sommation et stocks 
dans le moyen de stockage. 



8. Syst&me selon la revendication 7, comprenant 



25 



un second moyen de stockage connecte 
au moyen de comparison et destine h stocker 
la date de la comparison la plus r£cente et de 
I'adaptation etablie par le moyen de comparai- 30 
son ; un second moyen de comptage 
connect^ au second moyen de stockage et 
destine h compter la difference de temps entre 
la date stockee et la date de I'entree presente 
dans le second calculateur ; 35 

un moyen de division connecte au second 
moyen de comptage et destine & diviser la 
difference de temps comptee par le second 
moyen de comptage. par une valeur choisie et 
& prescrire le signal de sortie en tant que 40 
premier numero d'ouverture d'une fen§tre ; 

un moyen d'ouverture de fenStre connecte 
au moyen de division et au moyen de compa- 
raison pour -calculer autant de seconds codes 
non previsibles supplemental res sur la base 45 
d'autant de cellules de. temps bordantes sup- 
piementaires precedant et suivant imrriediate- 
ment le nombre choisi de cellules bordantes 
que present par le premier numero d'ouverture 
de fen§tre. 50 

Syst&me selon la revendication 8, comprenant 
en outre : 

un moyen de detection connecte au se- 
cond moyen d'horloge pour detecter une remi- 55 
se & retat initial du second moyen d'horloge ; 

un troisifeme moyen de stockage connecte 
au moyen de detection pour prescrire et stoc- 



ker I'apparition d'uiie remise 4 retat initial de- 
tectee du second moyen d'horloge en tant que 
second numero choisi d'ouverture d'une fen§- 
tre;et . 

; un second moyen d'ouverture de fenetre 
connects au troisi&me moyen de stockage 
pour calculer autant de codes non previsibles 
additionnels sur la base d'autant de cellules de 
temps bordantes additionnelles precedant et 
suivant Immediatement les cellules de temps 

bordantes suppiementaires que present par le 
second numero d'ouverture de fenStre. 

10. Syst&me selon rune quelconque des revendi- 
cations precedentes, dans lequel le premier ou 
le second calculateur (20. 50) comporte un 
micro-processeiir pourvu d'un algorithme stoc- 
ks dans une mSmoire dynamique volatile avec 
un moyen d'excitatlon qui. lorsqu'il est Inter- 
rompu. detrult toutes les donnees comprenant 
au moins I'algorithme et la variable statique. 

11. Syst&me selon rune quelconque des revendi- 
cations precSdentes. dans lequel le premier 
calculateur (20) et le premier moyen d'horloge 
sont incorporSs dans une carte ayant sensible- 
ment les mdmes dimensions qu'une carte de 
credit. 

12. Sy steme selon I'une quelconque des revendi- 
cations precSdentes, dans lequel ledit premier 
calculateur (50) comprend un moyen (44) des- 
tine h afficher de fagon visuelle le code non 
prSvisible (40) en cours de generation. 

13. Sysfeme selon la revendication 10. dans lequel 
ladite carte a une longueur d'environ 84 mm 
(3.3 inches), une largeur d'environ 53 mm (2.1 
inches) et une profondeur d'environ 1.8 mm 
(0.07 inch). 

14. Systfeme selon la revendication 12. dans lequel 
iedit moyen d'affichage habituel (44) est un 
visual h cristaux liquides. 

15. Procede de synchronisation de la definition 
dans le temps de variables dynamiques (30, 
60) dans un syst£me destine h comparer des 
codes non previsibles (40, 70) genets par des 
moyens d'horloge separ<§s en fonction du 
temps, dans lequel les codes s'accordent lors- 
que les variables dynamiques s'accordent, 
comprenant les etapes qui consistent : 

4 introduire une variable statique (10) dans 
un premier calculateur (20) comprenant un al- 
gorithme predetermine. ; 

& utiliser I'algorithme du premier calcula- 
teur (20) pour calculer un premier code non 
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prgvisible (40) sur fa base de la variable stati* 
que (10) et d'une premiere variable dynamique 
(30) dSfinie par un premier intervalle de temps 
dans lequel 1*6 tape d'introduction a eu lieu 
conformSment k une premiere horloge ; $. 

k procSder k une entree indSpendante de 
la variable statique (10) et du premier code 
non prSvisible (40) dans un second calculateur 
(50) comprenant I'algorithme predetermine ; 

k utiliser I'algorithme du second calcula- io 
teur (50) pour calculer de fa$on indSpendante 
un second code non prSvisible (70) sur la base 
de la variable statique (10) et d'une seconde 
variable dynamique (60) dSfinie par un second 
intervalle de temps dans lequel I'Stape d'en- 15 
tree a eu lieu conformSment k un second 
. moyen d'horloge ; et 

k comparer les premier et second codes 
non pr6visibles (40. 70) pour determiner un 
accord ; 20 

caracterisS en ce que : 

le second intervalle de temps comprend 
une cellule centrale de temps et une ou plu- 
sieurs cellules de temps bordantes ; 

et en ce qu'il consiste : 25 

k utiliser I'algorithme du second calcula- 
teur (50) pour calculer de fagon indSpendante 
plusieurs seconds codes non prSvisibles (70) 
sur la base de la variable statique (10) et de 
secondes variables dynamiques (60) dSfinies 30 
par les cellules de temps ; et 

k determiner lorsqu'un accord apparatt en- 
tre le premier code non prSvisible (40) et Tun 
des seconds codes non prSvisibles (50). 

35 

16. Proceed selon la revendication 15. comprenant 
en outre les Stapes qui consistent : 

k compter la difference de temps entre 
une cellule centrale de temps et une cellule 
bordante de temps k partir de laquelle un 40 
second code non prSvisible adapte peut dtre 
genSre ; 

k etablir la somme de differences succes- 
ses' de temps compt£es durant retape de 
comptage ; 45 

k stocker les differences successives de 
temps dont la somme est r^alisee : et 

k dScaler les cellules de temps centrale et 
bordantes de la somme des differences de 
temps successives. 50 

17. ProcSdS selon la revendication 16, comprenant 
en outre les Stapes qui consistent : 

k stocker la date de la comparaison et de 
la determination d'un accord les plus recentes 55 

k compter la difference de temps entre la 
date stockee et la date d'entree prSsente dans 



le second calculateur ; 

k diviser la difference comptSe durant 
I'Stape de comptage de la difference de date 
par une valeur choisie et k prescrire le signal 
de sortie en tant que premier nombre d'ouver- 
ture d'une fenStre ; et 

k calculer autant .de second codes non 
prSvisibles supplSmentaires (70). sur la base 
d'autant de cellules de temps bordantes sup- 
piementaires prScSdant et suivant immediate* 
ment le nombre choisi de cellules bordantes, 
que prescrit par le premier numdro d'ouverture ' 
de fendtre. 

18. ProcSdS selon la revendication 17, comprenant 
lies Stapes qui consistent : 

k dStecter une remise k I'Stat initial du 
second moyen d'horloge ; 

k prescrire et stocker I'apparition d'une 
remise k I'Stat initial dSteciSe du second 
moyen d'horloge en tant que second numSro 
choisi d'ouverture de fendtre ; et 

k calculer autant de seconds codes non 
prSvisibles additionnels (70) sur la base d'au- 
tant de cellules de temps bordantes addition- 
nelles prScSdant et suivant immSdiatement les 
cellules de temps bordantes supplSmentaires 
que prescrit par le second numSro d'ouverture 
de fenetre. 

19. ProcSdS selon la revendication 15, dans lequel 
les cellules de temps centrale et bordantes 
sont choisies de fagon k avoir une durSe d'une 
minute. 

PatentansprUche 

1. System zum Vergleichen und Zusammonpas- 
sen nicht vorhersagbarer Codes, die durch ge- 
trennte Computer erzeugt wurden, umfassend: 
einen ersten Computer (20), der zur Erzeugung 
eihes ersten nicht vorhersagbaren Codes (40) 
auf der Basis einer ersten dynamischen Vari- 
ablen (30) und einer statischen Variablen (10) 
betatigbar ist, eine erste Takteinrichtung zur 
Definierung der ersten dynamischen Variablen 
(30) entsprechend einem ersten Zeitintervall, 
wShrend dessen die statische Variable in den 
ersten Computer (20) eingegeben wird, 
einen zweiten Computer (50), der zur Erzeu- 
gung eines zweiten nicht vorhersagbaren Co- 
des (70) auf der Basis einer zweiten dynami- 
schen Variablen (60) und der statischen Vari- 
ablen (10) betStigbar ist. eine zweite Taktein- 
richtung zur Definierung der zweiten dynami- 
schen variablen (60) entsprechend einem zwei- 
ten Zeitintervall. wahrend dessen die statische 
variable (10) in den zweiten Computer (50) 
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eingegeben wird, und.Bnrichtuhgen (80) zum 
Vergleichen des ersten und zWeiten nicht vbr- 
x hersagbaren Codes (40. 70). urn eine Oberein- 
stimmung festzustellen, 

dadurch gekennzelchnet, 5 
dafl das zweite Zeitinteryall eine zentrale Zeit- . . 
zelle umfaBt welche eine vorbestimmte Dauer 
besitzt, und eine oder mehrere Zeitzellen, von 
denen jede eine vorbestimmte Dauer besitzt 
und die die zentrale Zelle umgrenzerv und to 
dafl die zweite Takteinrichtung jeweilige Werte 
der zweiten dynamischen Variablen (60) fOr 
jede Zeitzelle definiert, wbdurch der zweite 
Computer jeweilige Werte des zweiten nicht 
vorhersagbaren Codes fOr jede der Zeitzellen ts 
fUr den Vergleich mit dem ersten nicht vor- 
hersagbaren Code liefert 

2. System nach Anspruch 1 . bei dem Einrichtun- 

gen zum Synchronisleren der ersten Taktein- 20 
richtung und der zweiten Takteinrichtung beim 
Obereinstimmen des ersten nicht vorhersagba- 
ren Codes (40) mit einem der zweiten nicht 
vorhersagbaren Codes (70) vorgesehen sind. 

3. System nach Anspruch 1 oder 2. bei dem die 
zentrale Zeitzelle das Datum und die Minute 
umfaflt. zu dem die einzigartige statische Vari- 
able in deh zweiten Computer (50) eingegeben 
wird. wie durch die zweite Takteinrichtung defi- 30 
niert. 

4. System nach Anspruch 1. 2 oder 3. bei dem 
die umgrenzenden. Zeitzellen eine Zeitzelle 
umfassen. welche das Datum und die Minute 55 
unmittelbar vorausgehend der zentralen Zelle 
umfa/U. 

5. System nach einem der vorhergehenden An- 
sprtlche, bei dem die umgrenzenden Zeitzellen <o 
eine ausgewShlte Zahl von Zeitzellen umfas- 

sen, die unmittelbar der zentralen Zelle voraus- 
gehen. sowie eine ausgewahlte Zahl von Zeit- 
zellen. die. .unmittelbar der zentralen Zelle fol- 
9 en * 45 

. System nach einem der vorhergehenden An- 
sprOche, bei dem die zentrale und umgrenzen- 
den Zeitzellen derart gewMhlt sind, dafl sie 
eine Dauer von einer Minute besitzen. 50 

. System nach einem der AnsprQche 2 bis 6, 
umfassend: 

ZShleinrichtungen zum ZShlen der Zeitdiffe- 
renz zwischen einer zentralen Zeitzelle und 55 
einer umgrenzenden Zeitzelle. aus der ein zu- 
sammenpassender zweiter nicht vorhersagba- 
rer Code (70) erzeugt werden kann; 



Summiereinrichtungen die mit den ZShleinrich- 
tungen verbunden sind. urn aufeinanderfolgen- 
de. von den ZShleinrichtungen gezShlte Zeit- 
differenzen zu summieren; 
Speichereinrichtungen, die zum Speichem des 
Ausgangs der Summiereinrichtungen mit den 
Summiereinrichtungen verbunden sind; und 
Schiebeeinrichtungen. die mit den Speicher- 
einrichtungen verbunden sind, urn eine zentra- 
le Zelle und umgrenzende Zeitzellen. um die 
in den Speichereinrichtungen gespeicherten 
summierten Zeiten zu verschieben. 

fi. System nach Anspruch 7, umfassend: 

zweite Speichereinrichtungen. die mit der Ver- 
gleichseinrichtung verbunden sind, um das Da- 
tum des letzten Vergleichs und der Oberein- 
stimmungsbestimmung durch die Vergleichs- 
einrichtung zu speichem; 
zweite ZShleinrichtungen. die mit den zweiten 
Speichereinrichtungen verbunden sind. um die 
Zeitdifferenz zwischen dem gespeicherten Da- 
tum und dem Datum des gegenwMrtigen Zug- 
riffs zu dem zweiten Computer zu zShlen; 
Dividieretnrichtungen. die mit den zweiten 
ZShleinrichtungen verbunden sind, um die von 
den zweiten ZShleinrichtungen gezShlte Zeit- 
differenz durch einen ausgewShlten Wert zu 
dividieren und um den Ausgang als eine erste 
Fensterdffnungszahl vorzuschreiben; 
FensterSffnungseinrichtungen, die mit den Di- 
vidiereinrichtungen und den Vergleichseinrich- 
tungen verbunden sind, um so viele zusStzli- 
che zweite nicht vorhersagbare Codes auf der 
Basis von so vielen zusStzlichen umgrenzen- 
den Zeitzellen, die der ausgewShlten Anzahl 
von umgrenzenden Zeitzellen unmittelbar vor- 
hergehen und folgen. wie durch die erste Fen- 
sterdffnungszahl vorgeschrieben, zu berech- 
nen. 

9. System nach Anspruch 8. ferner umfassend: 
FUhleinrichtungen, die mit der zweiten Taktein- 
richtung verbunden sind. um ein ROcksetzen 
der zweiten takteinrichtung zu ermitteln; 
dritte Speichereinrichtungen, die mit den FUhl- 
einrichtungen verbunden sind. um das Auftre- 
ten eines ermittelten ROcksetzens der zweiten 
Takteinrichtung als eine ausgewShlte zweite 
Fensteroffnungszahl vorzuschreiben und zu 
speichem; und 

zweite FensterCffriungseinrichtungen. die mit 
den dritten Speichereinrichtungen verbunden 
sind. um so viele zusatzliche nicht vorhersag- 
bare Codes auf der Basis von so vielen zusatz- 
lichen umgrenzenden Zeitzellen, die unmittel- 
bar den zusatzlichen umgrenzenden Zeitzellen 
vorausgehen und diesen folgen, wie durch die 
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zweite FensterSffnungszahl vorgeschrieben. zu 
berechnen. 

10. System nach einem der vorhergehenden An- 
sprGche. bei dem der erste Oder der zw6ite s 
Computer (20, 50) einen Mikroprozessor urn- 
faflt, bei dem ein Algorithmus in einem flOchtt- 

gen dynamischen Speicher onit einer Strom ver- 
sorgungseinrichtung gespeichert 1st, die bei 
Unterbrechung alle Oaten einschliefllich wenig- to 
stens des Algorithmus und der statischen Vari- 
ablen zerst5rt. 

11. System nach einem der vorhergehenden An- 
sprtlche, bei dem der erste Computer (20) und 75 
die erste Takteinrichtung in einer Karte von 
etwa der gleichen Gr80e wie eine Kreditkarte 
aufgenommen sind. 

12. System nach einem der vorhergehenden An- 20 
sprOche. bei dem der erste Computer (50) 
Einrichtungen (44) zur visuellen Anzeige des 
gegenw£rtig erzeugten, nicht vorhersagbaren 
Codes (40) umfaflt 

25 

13. System nach Anspruch 10, bei dem die Karte 
eine LSnge von ungefahr 84 mm (3,3 Zoll), 
eine Breite von ungefahr 53 mm (2,1 Zoll) und 
eine Dicke von ungefahr 1,8 mm (0.07 Zoll) 
besitzt. 30 

14. System nach Anspruch 12, bei dem die Ubii- 
che Anzeigeeinrichtung (44) eine FlOssigkri- 
statlanzeige ist. 

55 

15. Verfahren zum Synchronisieren der Zeitdefini- 
tion von dynamischen Variablen (30. 60) in 
einem System zum Vergleichen nicht vorhers- 
agbarer Codes (40, 70), die durch getrennte 
Takteinrichtungen entsprechend der Zeit er- 40 
zeugt wurden, wobei die Codes dann Qberein- 
stimmen, wenn die dynamischen Variablen 
Obereinstimmen, umfassend die folgenden 
Schritte: 

Eingeben einer statischen variable (10) in ei- 45 
nen ersten Computer (20), der einen vorbe- 
stimmten Algorithmus umfaflt; 
Verwenden des Algorithmus des ersten Com- 
puters (20). urn einen ersten nicht vorhersag- 
baren Code (40) auf der Basis der statischen 50 
Variablen (10) und einer ^rsten dynamischen 
Variablen (30) zu berechnen, die durch ein 
erstes Zeitintervall definieirt ist, in dem das 
Eingeben entsprechend einem ersten Takt er- 9 
folgte; 55 
unabhangiges Eingeben der statischen Variab- 
len (10) und des ersten nicht vorhersagbaren 
Codes (40) in einen zweiten Computer (50). 



der den vorbestimmten Algorithmus umfaflt; 
Verwenden des Algorithmus des zweiten Com- 
puters (50) zur unabhSngigen Berechnung ei- 
nes zweiten nicht vorhersagbaren Codes (70) 
auf der Basis der statischen Variablen (10) und 
einer zweiten dynamischen Variablen (60), die 
durch ein zweites Zeitintervall defintert ist, in 
dem der Schritt des Eingebens entsprechend 
einer zweiten Takteinrichtung erfolgte; und 
Vergleichen des ersten und des zweiten nicht 
vorhersagbaren Codes (40, 70), urn eine Ober- 
einstimmung festzustellen; 
dadurch gekennzefchnet, \ 
dafl das zweite Zeitintervall eine zentrale Zeit? 
zelle und eine Oder mehrere umgrenzende 
Zeitzellen umfaflt; und 

dad der Algorithmus des zweiten Computers 
(50) zur unabhSngigen Berechnung einer Vial-; 
zahl von zweiten nicht vorhersagbaren Codes^ 
(70) auf der Basis der statischen Variablen (10) 
und zweiten dynamischen Variablen (60), die 
durch die Zeitzellen definiert sind. verwendet 
wird; und 

Feststellen wenn eine Obereinstimmung zwi- 
schen dem ersten nicht vorhersagbaren Code 
(40) und einem der zweiten nicht vorhersagba- 
ren Codes (50) auftritt. 

16. Verfahren nach Anspruch 15, ferner umfassend 
die folgenden Schritte: 

ZMhlen der Zeitdifferenz zwischen einer zentra- 
len Zeitzelle und einer umgrenzenden Zeitzel- 
le, woraus ein Qbereinstimmender zweiter nicht 
vorhersagbarer Code erzeugt werden kann; 
Summieren aufeinanderfolgender Zeitdifferen- 
zen, die wMhrend des Schrittes des. ZMhlcns 
gezahlt wurden; 

Speichern der summierten aufeinanderfolgen- 
den Zeitdifferenzen; und 
verschieben der zentralen und umgrenzenden 
Zeitzellen urn die summierten aufeinanderfol- 
genden Zeitdifferenzen. 

17. Verfahren nach Anspruch 16. ferner gekenn- 
zelchnet, durch die folgenden Schritte: 
Speichern des Datums des letzten Vergleichs 
und der Feststellung einer Obereinstimmung; 
Zahlen der Zeitdifferenz zwischen dem gespei- 
cherten Datum und dem Datum des gegenwSr- 
tigeh Zugriffs in den zweiten Computer; . 
Dividieren der wMhrend des Schrittes des ZSh- 
lens des Unterschieds der Datumsaingaben ge- 
zahlten Differenz durch einen ausgewahlten 
Wert und Vorschreiben des Ausgangs. als eine 
erste Fenster5ffnungszahl; und Berechnen von 
so vielen zusatzlichen zweiten nicht vorhersag- 
baren Codes (70) auf der Basis von so vielen 
zusatzlichen umgrenzenden Zeitzellen unmit- 
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• telbar vorhergehend und nachfolgend der aus- 
gewShlten Anzahl von umgreruenden Zellen, 
wio durch die erste Fensterdttnungszahl vorge- 
schrieben. 

18. Verfahren nach Anspruch 17, umfassend die 
folgenden Schritte: . 

Ermittetn eines RUcksetzens dor zweiten Takt* 
einrichtung; 

Vorschreiben und Speichem des Auftretens ei- to 
nes ermittelten RUcksetzens der zweiten Takt- 
einrichtung als zweite ausgewShlte Fensterfiff- 
nungszahl; und 

Berechnen von so vtelen zustttztichen zweiten 
nicht vorhersagbaren Codes (70) auf der Basis is 
von so viefen zusfltzlichen umgreruenden Zeit- 
zellen, die unmitteibar den zusfttzfichen urn- 
grenzenden Zeitzelleri vorausgehen und diesen 
folgen, wie durch die zweite Fensteiraffnungs- 
zahl vorgeschrieben. 20 

19. Verfahren nach Anspruch 15. bei dem die zen- 
tralen und die umgreruenden Zeitzellen derart 
ausgewflhlt sind/dafl sie eine Minute Dauer 
haben. ? s 
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